<?php
/**
 * <https://y.st./>
 * Copyright © 2019 Alex Yst <mailto:copyright@y.st>
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org./licenses/>.
**/

$xhtml = array(
	'<{title}>' => 'Unannounced missionary visit',
	'takedown' => '2017-11-01',
	'<{body}>' => <<<END
<img src="/img/CC_BY-SA_4.0/y.st./weblog/2019/05/23.jpg" alt="Strange-looking pink flowers I saw for the first time last year" class="framed-centred-image" width="800" height="480"/>
<section id="diet">
	<h2>Dietary intake</h2>
	<p>
		For breakfast, I had 74 grams of cereal and 171 grams of soy milk.
		For lunch, I had two slices of banana French toast.
		I really don&apos;t know what I&apos;m doing with French toast, so they came out soggy.
		They were okay with syrup though.
		For dinner, I had two more slices.
		I also snacked on 262 grams of pretzels.
	</p>
</section>
<section id="dietary">
	<h2>Dietary meeting</h2>
	<p>
		When I checked in for the dietary meeting today, they asked again for my Social Security number.
		I told them once again that I wasn&apos;t carrying my Social Security card, and a bit later, I said I always forget to bring it.
		I guess it&apos;s true that I forget that they&apos;d want me to bring it, but if I remembered, I still wouldn&apos;t bring it.
		They don&apos;t need it and I don&apos;t want to give it to them.
		They then said they needed my insurance card and photo $a[ID] to scan, if I had those on me.
		I handed those over.
		Those are fine.
	</p>
	<p>
		The dietician came through a bit after I&apos;d sat down to wait, and took me to the back room to weigh me.
		It seems I&apos;m about 110 kilograms now.
		I&apos;m not sure if that&apos;s an improvement of not.
		I&apos;m pretty sure that last time, they used pounds, so I ignored the number because I don&apos;t use pounds.
		After that, the dietician unlocked the meeting room so I could wait there.
	</p>
	<p>
		I&apos;d arrived early, so I had about half an hour between when I&apos;d gotten there and when I needed to be at the meeting room.
		I planned to work on my discussion post for the day while I waited, but once I got to the meeting room to wait, I accidentally pulled the battery of my laptop loose.
		The thing predictably shut off, so I lost the webpages I&apos;d had open for research on the topic.
		I wouldn&apos;t be able to get anything done until I got home, where I can access the Internet and reload the pages.
		As I always do, I tried connecting to the nearby Wi-Fi, even though the hospital&apos;s Wi-Fi didn&apos;t seem to work for me two weeks ago.
		I assumed it was a captive portal.
		It actually let me on this time, though it took a while.
		I was even somehow still logged into my school&apos;s website, which is odd, as I always get logged out when there&apos;s no power and the laptop shuts off.
		I had more urgent issues to attend to than coursework though.
		This time, the system clock lost its configuration.
		The laptop thought that it was 2018-06-28 at about 21:30.
		I tried to look up how to update the system clock.
		At this point, the Internet connection went back to not working.
		I was connected to Wi-Fi, but no traffic was getting through, just like last time I was here.
		I wouldn&apos;t be able to set my system clock until later.
	</p>
	<p>
		Though I got the pages I needed reloaded, I wasn&apos;t able to actually start on my coursework yet, as more participants started showing up and we talked while waiting for the meeting to start.
		It seems there&apos;s a website that allows us to check the notes for us from the dietician.
		When I finally got a chance to check the website out, it turns out you need to have an existing $a[ID] on file, and you can only request one through the website by entering a bunch of information including a telephone number.
		I&apos;ll have to ask in-person for an $a[ID] to be sent to me at the next meeting.
	</p>
	<p>
		This time, we all introduced ourselves by telling one physical activity that we frequently engage in.
		The dietician does water aerobics, though they don&apos;t enjoy it.
		One of the other participants does the same.
		Another one bikes like I do.
		The final one walks.
		Normally, there&apos;d be one last participant, but they were absent today.
		Next, we reported on our following-through with of our goals, as before.
		Aside from me though, only one other participant got a chance to talk about their efforts, as we ended up sidetracked by what that person had said.
	</p>
	<p>
		The other participant&apos;s goal was to eat better and stop smoking.
		Eating &quot;better&quot; doesn&apos;t sound like a specific enough goal for the dietician to have approved, based on how the dietician has been tweaking even my specific goals to be even more specific, and the dietician seems surprised by the goal.
		It turned out that they&apos;d met with some other medical professional after the meeting and changed their goal.
		As for quitting smoking, they didn&apos;t make it in the time frame of our two-week period, but they&apos;ve drastically reduced how much they smoke.
		That&apos;ll be good for their health.
		I hope they&apos;re able to quit entirely, and more importantly, not start back up like so many smokers I&apos;ve known that have quit in the past.
		They also reported that setting limits on what they could eat made them want what was off-limits more than they normally would.
		I think that&apos;s one of the great advantages to the journaling approach: nothing and no amount is specifically off limits, but there&apos;s still that level of shame in going too high.
		There&apos;s no actual hard line though.
	</p>
	<p>
		Last time, the dietician mentioned how the word &quot;diet&quot; implies negativity, so people can stick with a meal plan, but they can&apos;t stick with a diet as easily, even though they&apos;re the same thing.
		I don&apos;t buy into those word games though, so I&apos;ve been calling my attempts to eat better and eat less a diet.
		The dietician brought up a better point in today&apos;s meeting though: a diet implies that you go on the diet, and later go off the diet.
		That&apos;s not what we&apos;re trying to do here.
		We&apos;re aiming for permanent changes in behaviour.
		That said, this is also something that a meal plan isn&apos;t.
		A meal plan has an end as well.
		Starting off with one may be a good idea for helping get on the right track though.
	</p>
	<p>
		The dietician also talked about night snacking, as one person brought it up.
		Their recommendation wasn&apos;t what I&apos;d expected.
		I&apos;d expected that night snacking should be avoided.
		Rather though, they said to go ahead and have a snack at night, and to wait as late as you can to have it.
		In the mean time, you&apos;re not snacking, as you know you&apos;ll be able to snack later.
		Also, you can add things to the snack that&apos;ll slow down your eating of it by, for example, making you chew more.
		By having the snack really late, you&apos;re less likely to go back for a second helping as well.
		Another good suggestion was to do your dental stuff, such as brushing your teeth, right after your night snack.
		You won&apos;t want another snack, as you won&apos;t want to go back and brush your teeth again.
		For me, in particular, I&apos;ve got prescription toothpaste and I&apos;m not allowed to eat or drink for thirty minutes after I brush.
		And finally, the dietician suggested making the snack something you like.
		That way, you&apos;re not left wanting.
	</p>
	<p>
		Obviously, activity burns calories as you participate in it.
		It seems you also burn more calories while you sleep after a day you&apos;ve been active, compared to a day you haven&apos;t.
		For that reason, you want to be active as many days as possible.
		Squeezing all your activity for the week into one or two days isn&apos;t a good idea.
		And finally, the dietician covered that activity builds muscle, and muscle burns more calories to keep itself alive than fat does.
		I&apos;ve already known that for a while though.
		It seems that staying in shape makes you less likely to get injured though.
		When you&apos;re strong, you&apos;re not as easily damaged.
		I hadn&apos;t thought about that.
	</p>
	<p>
		We were told that it can be helpful to find some benefit to physical activity apart from its effect on our health that outweighs the negatives, such as the cost in time, the costs of the activity, the costs of gear for the activity, et cetera.
		I already have that, when it comes to biking.
		I&apos;ve got an environment to look after.
		Driving would be bad for it.
		I&apos;ve also got principles to uphold.
		The $a[DMV] refuses to issue me a drive test if I don&apos;t have telephone service, and giving into their desires for me to be reachable vis one of the most noxious and obnoxious methods currently available would be extremely contrary to those principles.
		Therefore, I don&apos;t have a driver license, and can&apos;t use a car anyway, even though I&apos;ve learned how to drive.
		Biking provides me reliable transportation without compromising in either of those areas; the compromise instead comes in the form of the requirement for physical exertion.
		As for money, I actually probably save a lot more than I know by biking.
		Bikes are cheaper than cars, don&apos;t require expensive fuel, and don&apos;t require monthly insurance bills.
		The costs in time and costs in physical exertion are pretty much the only drawbacks to my bicycle-centric transportation.
	</p>
	<p>
		The dietician explained that one hundred fifty minutes of aerobic activity per week are needed just to remain healthy enough to avoid chronic illness.
		That&apos;s, what, two and a half hours?
		I get two hours of that every Thursday, biking to my $a[EUGLUG] meetings.
		I mean, aside from weeks I&apos;ve got something else going on Thursday.
		I&apos;ve sort of given up on taking multiple trips to Eugene in a single day.
		Still, I got over an hour today, going to this meeting and returning home.
		And later in the week, I&apos;ve got to bike to Eugene again for my $a[laser] hair removal treatment.
		Also, the dietician said that two minutes of household activity, such as doing laundry and cleaning, count as one minute of aerobic activity for the purposes of that number.
		As I&apos; confirm later, my ten-minute commutes to work by bike count too, and that&apos;s five commutes to work and five back each week, except lately, when I&apos;ve only had four shifts per week.
		Still, that&apos;s eighty minutes right there.
	</p>
	<p>
		They also said that physical activity isn&apos;t a hobby.
		It&apos;s a prescription.
		It&apos;s not optional.
		There are three types of exercise.
		There&apos;s flexibility, aerobic, and resistance training.
		Ideally, we should get all three for well-rounded fitness.
		Aerobic exercise burns the most calories though.
		I kind of get resistance exercise at work.
		I go out of my way to lift the heavy stacks of pans when I can.
		Like, I don&apos;t interfere with my job to do it, but while most people break the heaviest stacks up before moving them, I move the full stack at once if I can, in an effort to get a bit of exercise.
		I&apos;m one of two people in the store that seem to be able to lift the heaviest stacks, too.
		I used to be one of three, but the toxic shift leader got fired or quit, I forget which.
		They were one of us that could do it.
		I have weak days though, when I&apos;m not able to.
		I started out using the heavy pans to gauge my strength for the day.
		I forget what was going on, but I was overly weak for some reason.
		Maybe I was recovering from an illness?
		I forget.
		The heavy pan stacks gave me a way to check my current strength though.
		These days, I have to be really not doing well not be be able to lift them though, ans I continue just to fit a little weight-lifting into my day, which otherwise wouldn&apos;t be an option for me.
		I don&apos;t think I get any flexibility exercises in though.
		As for aerobic exercise, that&apos;s most of what I get, as I bike everywhere I need to get.
	</p>
	<p>
		We were also taught about warm-ups and cool-downs.
		I&apos;d heard of them, but didn&apos;t really know what they entailed.
		Apparently, you do the activity slower for ten minutes.
		That&apos;s all.
		I might already be doing that on my long biking trips.
		It takes me a bit to get going, and as I approach my destination, I slow down as I&apos;m less anxious to get there and am a bit tired.
		We discussed the concept of perceived exertion.
		It seems the best level of activity is something you feel is somewhere from fairly light to somewhat hard.
		It shouldn&apos;t be very hard though.
		Hard activity not only isn&apos;t as effective for staying fit, but additionally presents additional risk of injury.
		Our bodies are pretty good at gauging what they&apos;re up for and not.
		The whole &quot;no pain, no gain&quot; mantra is actually patently false, and giving everything you have isn&apos;t beneficial, health-wise.
		We were told about the &quot;talk test&quot;: you should be able to hold a conversation while working out.
		I feel like I could do that while biking.
		I sometimes even sing a bit as I ride.
	</p>
	<p>
		The benefits of cross-training were examined.
		It&apos;s better to get a variety of exercises.
		There&apos;s less chance of injury, as one muscle group has time to rest while another is being used.
		That&apos;s an area I should probably do better in.
		I don&apos;t get a whole lot of types of exercise.
		I mentioned before how I don&apos;t have space for sit-ups with Summer inhabiting my living room with her boxes.
		Apart from the sit-ups I used to do, my main exercise is my biking.
		I get some heavy lifting at work, but not a whole lot.
	</p>
	<p>
		It was also pointed out that on free days, it&apos;s better to exercise early on and not put it off until later.
		The longer you wait, the more likely something will come up and you won&apos;t exercise at all.
		I&apos;ve definitely seen that sort of thing in my life, not specific to exercise.
		Also, it&apos;s best not to go more than one day in a row off from exercising, for maximum calorie-burning.
		I thought that&apos;d be rather difficult with school in session.
		This school drains me, so I don&apos;t have the time or energy to go out and exercise most days.
		However, we then talked about session length recommendations.
		The dietician asked what we thought was a good length.
		No one else responded, so I said that for me, just whatever I could fit into my day.
		Apparently, that was actually the right answer.
		I didn&apos;t think it was, and just wanted to make the point that many people, myself included, really don&apos;t have time.
		It seems that it used to be recommended that workouts be at least twenty minutes long.
		If they weren&apos;t that long, it was said that it wasn&apos;t even worth exercising at all.
		New studies show this to be patently false though, and every little bit adds up.
		I specifically asked about my two ten-minute commutes per work day, which still adds up to twenty minutes per day, and that was approved.
		So there you have it.
		I&apos;m getting enough exercise as it is.
		I could use more, and I&apos;d probably be better off with a little better spacing in my workouts (biking every single day, for example), but I&apos;m doing decently well as it is.
	</p>
	<p>
		We were told we should start with small durations, then work our way up.
		Even starting out with minute-long exercises and increasing the length by a minute each month is a good plan.
		You&apos;re not racing anyone.
		I&apos;m already able to bike for over an hour at a time at this point, so long as I don&apos;t have to do it more than twice in a day, and don&apos;t have to do it too many times per month.
		We were also told that stretching helps prevent injury, and if an exercise hurts, we shouldn&apos;t do it.
		I&apos;m not sure what one would stretch in preparation for a long bike ride though.
	</p>
	<p>
		You can schedule exercise, but working it in as your commute by walking or biking counts too.
		You can find time somewhere if it&apos;s a priority.
		If you&apos;re having difficulty getting yourself to exercise, you can schedule a meeting with someone to exercise.
		It&apos;ll make it a commitment, and not going will necessarily mean blowing them off, so you&apos;ll be more likely to do as you&apos;ve planned to.
		Also, talking with people as you work out makes you exercise longer because you lose track of time.
		And finally, you can find a way to exercise on your commute, even if the commute itself isn&apos;t exercise.
		For me though, it is, and trying to do something else while I bike&apos;s probably a bad idea.
	</p>
	<p>
		Again, we set our goals to work on until the next meeting.
		I made it my goal to not go more than a day without twenty minutes of biking.
		In actuality, I&apos;m going to try biking every day, but I&apos;m not going to commit to that in case I get behind in my studies or something.
	</p>
	<p>
		In my notes, I jotted down that the dietician said that there&apos;s a freedom in not taking things personally.
		It was profound when they said it, but I&apos;ve entirely forgotten the context now, so it&apos;s become almost meaningless.
		I guess I should have taken better notes.
	</p>
</section>
<section id="connectivity">
	
	<p>
		When I got home, I still couldn&apos;t get my laptop to connect to the Web.
		Nervously, I tried rebooting.
		If that didn&apos;t restore connectivity, I&apos;d have lost my loaded webpages that I needed for research without a way to get them back.
		I needed more research though, so I didn&apos;t have much of a choice.
		No dice.
		No connectivity.
		I&apos;d lost the loaded pages for nothing.
		I tried for over an hour to get the connection up, to no avail.
		I figured it might be because of the incorrectly-set system clock, though I couldn&apos;t find any valid justification for that to prevent network connectivity.
		Perhaps the neighbour&apos;s Wi-Fi router was throwing tantrums because of the date, which might have been being sent as a part of the connection protocol.
		I had no idea.
		And to make things odder, I was still able to connect to Wi-Fi, just not to the Web.
	</p>
	<p>
		Highly annoyed, I rushed to the library to use their Wi-Fi.
		If I could use their Wi-Fi to look up instructions for fixing the clock, maybe I&apos;d have Internet connection at home.
		No luck though.
		I couldn&apos;t reach the Web there, either.
	</p>
	<p>
		In a fit of both stupidity and desperation, I tried to clear my <code>iptables</code> rules, and connect over the clearnet.
		My intent was to verify that the library had switched their router to be a captive portal, which wasn&apos;t the case last time I was there.
		It would explain why I couldn&apos;t connect.
		By no dice.
		I still couldn&apos;t connect.
		The difference now was that Firefox wasn&apos;t complaining of timeouts as it was when it couldn&apos;t connect through $a[Tor], and instead was able to instantaneously report that it couldn&apos;t reach the website, or any other website I tried.
	</p>
	<p>
		I was out of options.
		I went home to try one last time, knowing that when it failed, I&apos;d have to bike to the $a[EUGLUG] meeting I&apos;d wanted to blow off today to see if my fellow Linux-users knew what to do.
		I&apos;d already had enough biking for the day going to the dietary meeting and back, and I&apos;d hoped to use the rest of the day for coursework.
		From home, I saw the connection still wasn&apos;t working, so I tried pinging to see if it was Firefox being idiotic or something lower down.
		I mean, I had Wi-Fi connectivity.
		Why didn&apos;t I have an Internet connection?
		<code>ping</code> said the operation wasn&apos;t permitted.
		Not permitted?
		What?
		That sounded like an <code>iptables</code> packet block to me.
		But I&apos;d taken down the rules, right?
		I took a closer look, and found what I&apos;d done had cleared most of the rules, but not the base policy of dropping all packets that don&apos;t meet those rules.
		<em>*sigh*</em>
		I set the policy to accept outgoing packets, and lo and behold, I could connect again.
		What.
		The.
		Squid.
		I tried telling Firefox to route through $a[Tor] again, and I was able to reach the Web that way, too.
		What on earth had changed?
		And here&apos;s the real kicker: I didn&apos;t tell my laptop to saved any of my changes in <code>iptables</code>.
		I rebooted the machine again to put them back in full effect, then verified that they were in place and tried to reach the Web over $a[Tor] again.
		It works now.
		Nothing has changed, and yet everything has changed.
		I don&apos;t get it.
		And I tried pinging again.
		Pings are once again blocked due to not being run over $a[Tor], just like they&apos;re supposed to be.
		I can&apos;t for the life of me figure out what was going on or how it got fixed.
	</p>
</section>
<section id="religion">
	<h2>Missionary visit</h2>
	<p>
		I was finally sitting down to get some coursework done, and the missionaries stopped by unannounced.
		I don&apos;t know the exact time they got here, but I think they were here for about an hour.
		By the time they left, the $a[EUGLUG] meeting I was already skipping had started without me.
	</p>
	<p>
		In all that time though, we didn&apos;t really discuss a whole lot of new material.
		They want me to read Alma 5.
		I might do that.
		They also wanted to set up a meeting at 10:30 on Thursday, an said they were busy this Saturday.
		While they didn&apos;t want to come on Saturday, they said they&apos;d make it work if I really wanted them to.
		I&apos;m not sure why they&apos;re still coming at all after I called them evil though, so I&apos;m definitely not going to try to talk them into coming more often than they want to.
		And of course, they missed me at church.
		I explained how I don&apos;t belong there, in a church that only recognises men and women, but no other people.
		They didn&apos;t seem to want to say it, but it was easy to see they were trying to dance around the subject.
		They didn&apos;t want to say that they see me as a man.
	</p>
	<p>
		Oh, yeah, an they asked about if I&apos;d given any thought to their offer of a blessing.
		I said that I&apos;d thought about it extensively, but that I&apos;d come to the conclusion that I didn&apos;t have enough faith to power the blessing.
		It&apos;d be a waste of their time for me to take them up on their offer.
		I explained that I&apos;d been told that faith involves hope, and that I couldn&apos;t hope for a god with such objectionable doctrines was real.
		Even if everything they say is true, they say that a blessing works only as much as the person receiving it has faith.
		(Though another time, they said that the faith of the blessing-giver is important for success too.)
		They took that as a sign of humility.
		Now that I&apos;m writing about it, I can&apos;t help but giggle a bit.
		I mean, look at the implications of what I was saying!
		I can&apos;t hope for their god to be real, because the world is better off without their god, and that makes me mumble?
		Does that not mean that their god is worse than the people, meaning that the people, myself includes, are better than their god?
		How can they label that as humility and not, say, arrogance?
		One of them said that it was the most humble thing they&apos;d heard someone say though, and that they&apos;d never had anyone say something like that before.
		They said they were sure that if they gave me a blessing, I&apos;d get my answer.
		Humble or not though, I&apos;m not sure how the lack of faith can be a deal-breaker in general while also not being a deal-breaker in my case.
		They also talked about a blessing they&apos;d given some struggling missionaries.
		Apparently, they told the missionaries things only those missionaries knew, and now, they can&apos;t even remember what they told them.
		If they can do that for me, I suppose, I&apos;ll have no choice but to believe something beyond me is at play.
		If I could get them to tell me my secret middle name, for example, that&apos;d show me.
		I think I might have told one person that name, but probably not.
		I&apos;ve never written it anywhere.
		And it&apos;s not on any of my $a[ID] even.
		It&apos;s not a part of my legal name, but I still consider it a part of my full name.
	</p>
</section>
<section id="drudgery">
	<h2>Drudgery</h2>
	<p>
		My discussion post for the day:
	</p>
	<blockquote>
		<p>
			It&apos;s hard to say what&apos;s an operating system flaw and what&apos;s a third-party software flaw when you&apos;re dealing with Linux.
			All the software is packaged and distributed by the same group, and different configurations will install different software by default.
			Even critical software such as the kernel often exists in multiple forms, each with a different package that can be installed or removed.
			You can&apos;t even make the determination based on who wrote the software, as the operating system is an amalgam of components written by various people, teams, and companies.
			Again, even something as critical as the kernel is developed by a third party.
			With such a blur in the line between the operating system and add-on software, it&apos;s really up for interpretation what qualifies as an operating system bug and what is just an add-on software bug.
		</p>
		<p>
			With that in mind, I consider OpenSSL, a $a[TLS] encryption library used in nearly every Linux machine, to be a part of the operating system.
			I think most people consider their desktop interface to be a part of the system, and OpenSSL sees wider use than any one Linux desktop environment.
			It&apos;s the de facto standard when it comes to $a[TLS] encryption in Linux.
		</p>
		<p>
			Not too long ago, a vulnerability was discovered in this library.
			It was widely publicised, and many of you have probably heard about it.
			It got nicknamed &quot;Heartbleed&quot;.
			Heartbleed was discovered by a company called Codenomicon, when they tried to hack themselves from the outside to test their own security and learn what how to better defend their system (Lee, 2014).
			It&apos;s a common security practice known as penetration testing.
			This particular vulnerability had some nasty features.
			First of all, if you get hacked using this vulnerability, it&apos;s untraceable.
			You can&apos;t know whether you&apos;ve been attacked or not.
			And secondly, it doesn&apos;t require multiple vulnerabilities to make use of.
			Many exploits have to be used alongside other exploits in order to do any damage, but Heartbleed allows the damage to be done all on its own (Rowley, 2014).
		</p>
		<p>
			Basically, what the bug does is allow an attacker to access the data in pieces of memory that they shouldn&apos;t.
			The $a[TLS] protocol involves a keep-alive feature.
			To make sure the other party is still there, one party will send a packet called a heartbeat.
			That packet contains a message, and also includes a specification of how long the message is.
			The other party then sends the same message back, verifying that they&apos;re still listening to the connection.
			I imagine the length parameter is supposed to be used to make sure the message&apos;s data came through completely.
			However, instances of OpenSSL that were affected by the bug didn&apos;t actually compare the length of the message to the length the message claimed to be.
			They blindly trusted the length parameter.
			You can&apos;t trust data sent to you like that.
			It&apos;s not safe.
			In this case, OpenSSL allocated a chunk of memory to store the message based on the length the message claimed to be, then copied the message into that chunk of memory.
			It then read back the entire chunk of memory.
			This seems fine at first, but if the length specified doesn&apos;t match the actual length of the message, bad things can happen.
			You don&apos;t know what was in that segment of memory previously.
			If the length parameter is set to the actual length of the message, it doesn&apos;t matter because the old data will be overwritten, but if the message is shorter than it claims to be, too much memory is allocated, it doesn&apos;t all get overwritten, and the whole chunk of allocated memory is sent back to the attacker (Fruhlinger, 2017).
			This memory can contain sensitive information, such as user names and passwords for accounts on your website, or even the $a[TLS] encryption keys used to keep eavesdroppers from listening in on connections.
		</p>
		<p>
			From the sounds of it, it was an easy bug to locate in the code once the issue was discovered.
			It was all traced back to one line of code (Limer, 2014).
			This fix was accepted into the code, and people were urged to update their copies of OpenSSL.
			One company even set up a website dedicated to urging people to update their OpenSSL instances (Synopsys, 2014), which is still up today.
			The free software community is pretty good about quickly patching vulnerabilities when they&apos;re found, and that&apos;s really all they can do.
			They can release fixes and warn you of the dangers of not upgrading.
			From there, it&apos;s really up to the users of the software to actually install the patched software and replace the buggy version.
			That&apos;s really all any big company can do too, though a lot of large companies are quite a bit slower when it comes to bug patches.
			It was also urged that websites replace their $a[TLS] certificates in case they&apos;d been leaked (there was no way to know whether they&apos;d leaked or not) and that users change their passwords on all sites, in case those had been leaked.
		</p>
		<div class="APA_references">
			<h3>References:</h3>
			<p>
				Fruhlinger, J. (2017, September 13). <a href="https://www.csoonline.com/article/3223203/what-is-the-heartbleed-bug-how-does-it-work-and-how-was-it-fixed.html">What is the Heartbleed bug, how does it work and how was it fixed?</a> Retrieved from <code>https://www.csoonline.com/article/3223203/what-is-the-heartbleed-bug-how-does-it-work-and-how-was-it-fixed.html</code>
			</p>
			<p>
				Lee, A. (2014, April 13). <a href="https://readwrite.com/2014/04/13/heartbleed-security-codenomicon-discovery/">How Codenomicon Found The Heartbleed Bug Now Plaguing The Internet</a>. Retrieved from <code>https://readwrite.com/2014/04/13/heartbleed-security-codenomicon-discovery/</code>
			</p>
			<p>
				Limer, E. (2014, April 9). <a href="https://gizmodo.com/how-heartbleed-works-the-code-behind-the-internets-se-1561341209">How Heartbleed Works: The Code Behind the Internet&apos;s Security Nightmare</a>. Retrieved from <code>https://gizmodo.com/how-heartbleed-works-the-code-behind-the-internets-se-1561341209</code>
			</p>
			<p>
				Rowley, J. (2014, April 9). <a href="https://casecurity.org/2014/04/09/heartbleed-bug-vulnerability-discovery-impact-and-solution/">Heartbleed Bug Vulnerability: Discovery, Impact and Solution</a>. Retrieved from <code>https://casecurity.org/2014/04/09/heartbleed-bug-vulnerability-discovery-impact-and-solution/</code>
			</p>
			<p>
				Synopsys, Inc. (2014, March 29). <a href="https://heartbleed.com/">Heartbleed Bug</a>. Retrieved from <code>https://heartbleed.com/</code>
			</p>
		</div>
	</blockquote>
</section>
END
);
